Last week, the Irish High Court released an important decision in the EMI Records & Ors -v- Eircom Ltd ,  IEHC 108 case. The court held that a settlement agreement between an Irish ISP, Eircom, and owners of copyright protected sound recordings and videos to implement a voluntary graduated response system was compatible with Irish data protection legislation. The ruling by Justice Charleton delivered on 16th April, 2010, is noteworthy not only because it found that collecting and using IP addresses for the purposes of sending out graduated response notices to subscribers does not violate data protection legislation. It is also noteworthy because the court recognized that the right to copyright is a human right protected by the Constitution of Ireland, 1937; and that the graduated response protocol was fully justified in light of the importance of copyright and the adverse effects of unauthorized online file sharing.
The background to the case involves a settlement agreement between Eircom and various rights holders that requires Eircom to implement an agreed to protocol to reduce illegal file sharing by Eircom’s customers. It involves collection of IP addresses by rights holders that are associated with online infringements. The IP addresses will be sent to Eircom which in turn will send out a series of notices designed to educate users about unauthorized file sharing and give them ample opportunities to stop or face possible sanctions including account disconnection. This remedy can only be applied following three notices and a review of individual circumstances and mitigating factors by Eircom.
The copyright holders had pressed for the settlement because of the significant losses being suffered due to unauthorized file sharing. The judge recognized this, finding that remuneration to rights holders is “shrinking by reason copyright theft over the internet” and that the interests of creators is being “utterly disregarded” by this activity.
The judge pointed out that the “attraction of free, but illegal, downloading of the latest songs and videos made the sale of internet access attractive.” Everyone from users to ISPs were free riding from unauthorized file sharing resulting in losses to artists and the creative community.
The Data Protection Commissioner had raised several questions about the settlement. The first two were the following:
“1. Do data comprising IP addresses, in the hands of EMI or its agent(s), and taking account of the purpose for which they are collected and their intended provision to Eircom, constitute “personal data” for the purposes of the Data Protection Acts, 1988-2003, thereby requiring that the collection of such IP addresses by EMI or its agents must comply with the specific requirements of each of section 2, 2A|, 2B, 2C and 2D of the Data Protection Act, 1988 as amended?
2. Having regard to section 2A(1) of the Data Protection Act, 1988 as amended, and assuming for current purposes that the processing by Eircom of “personal data” in the context of the third of three steps envisaged by the graduated response scheme proposed under the terms of this settlement, (i.e. the termination of an internet user’s subscription) is “necessary for the purposes of the legitimate interests pursued by [Eircom]”, does much processing represent “unwarranted [processing] by reasons of prejudice to the fundamental rights and freedoms or legitimate interests of the data subject”?
Is an IP address “personal data”
This question was easily answered in the negative by the trial judge. The Data Protection Act 1988 defines “personal data” as “Data relating to a living individual who is or can be identified either from the data or from the data in conjunction with other information that is in, or is likely to come to into, the possession of the data controller.” The IP addresses collected by rights holders did not personally identify any living person who is infringing their copyright. According the court:
“Nothing in these provisions changes one basic fact. Neither DetectNet, or any similar service of detection, nor any of the plaintiffs whose copyright material is being infringed would ever know through this process that the infringer is a particular person living in a particular place in Ireland. What they do know is that a particular IP address has been involved in the downloading. An IP address is the number given to a computer from an internet service provider when it receives internet access. The IP number electronically identifies the user of the internet. Banks of numbers for IP addresses are produced by an international organisation and these, in turn, are provided to internet service providers. One can find out by looking at the IP number, I understand, who the internet service provider is. What internet service provider is given what bank of thousands or millions of IP numbers is not kept a secret anywhere. Since each internet service provider will have, in turn, many thousands of customers, one is not moving much closer to finding out the identity of an internet abuser by knowing the copyright infringing IP address was assigned to that company. That number will probably give you no more than an indication of the domicile of the computer. Further, I am convinced, on the basis of the affidavit evidence before me, that the plaintiffs have no interest at all in using this process to find out who the copyright infringers are. Rather, what they are interested in having the protocol work so that the plague of copyright infringement may be undermined…
I conclude, that none of the plaintiffs have any interest in personally identifying any living person who is infringing their copyright by means of the settlement and protocol. I do not regard it as at all likely that they will attempt in any way to use the IP address as supplied to them by DetectNet of those engaged in illegal downloading in order to find out their names and addresses. Further, since, on the affidavit evidence before me, the plaintiffs had previously engaged in expensive litigation against Eircom in order to find out who they are, there seems no legal avenue open to them to get that information apart from an application for the names and addresses of the copyright thieves to the internet service provider. It is proved to me to be close to impossible that they could have recovered them by any easier or less pricey means. Nor do any of the plaintiffs have any intention of engaging in any illegal activity. Rather, the entire purpose of this litigation is to uphold the law. The first question is therefore answered no.”
Can a graduated response system that involves account disconnection be justified?
The second question before the court asked, essentially, whether the graduated response protocol which included the possible termination of an internet user’s subscription, is necessary for legitimate purposes and whether it represents unwarranted processing of personal data by reason of prejudice to the fundamental rights and freedoms or legitimate interests of users, the data subjects. The court resoundingly found that the protocol was necessary and justifiable.
In giving reasons, the court made some important holdings and observations which are canvassed below.
The Judge started his judgment by emphasizing the importance of copyright. He stated:
“Copyright is a universal entitlement to be identified with and to sell, and therefore to enjoy, the fruits of creative work. It applies to everyone who manages to produce anything copyrightable from a song, to a telephone directory, to a symphony, to a film. Were copyright not to exist, then the efforts of an artist could be both stolen and passed off as the talent of another. Were the artist not entitled to exploit her or his creation by preventing others from copying it without permission, usually for a fee, then the fruits of moments of inspiration worked out through weeks of endeavour and representing, sometimes, the distillation of some fundamental experience of life would bring no reward, perhaps not even applause. Even if an artist won acclaim, it alone would not keep body and soul together. Examples of what can occur where copyright protection is absent used to be found as notorious examples of unfairness in history rather than as a contemporary situation that has developed because of the abuse of the internet. When Jan Sibelius, a Finn, penned his Valse Triste, Finland was part of the Russian Empire, not a party to the copyright convention, and the great composer received nothing for what was then his most popular work. The three early ballets of Igor Stravinsky, a Russian, suffered the same fate; though on moving to the West, the composer re-orchestrated them and republished them gaining copyright but only in that form. No reasonable person doubts the injustice of that situation. The law does not doubt it either.”
Justice Charleton also explicitly recognized the right to be identified with and to reasonably exploit one’s own original creative endeavour as a human right protected under the Constitution of Ireland. On this he said:
“In dealing with this aspect of data protection entitlement, I feel I must return, for a moment, to some basic principles of law. There is fundamental right to copyright in Irish Law. This has existed as part of Irish legal tradition since the time of Saint Colmcille. He is often quoted for his aphorism: le gach bó a buinín agus le gach leabhar a chóip (to each cow its calf and to every book its copy). The right to be identified with and to reasonably exploit one’s own original creative endeavour I regard as a human right. Apart from legal tradition, the rights now enshrined in the Copyright and Related Rights Act, 2000 were, under their previous legislative incarnation, identified in Phonographic Performance Ireland Limited v. Coady,  I.R. 504 by Keane J. at 511 has having a pre-legislative origin and super-legislative effectiveness as part of the unenumerated fundamental rights under the Constitution:
‘The right of the creator of a literary, dramatic, musical or artistic work not to have his or her creations stolen or plagiarised is a right of private property within the meaning of article 40.3.2 and article 43.1 of the Constitution of Ireland, 1937 as is the similar right of a person who has employed his or her technical skills and/or capital in the sound recording of a musical work. As such, they can hardly be abolished in their entirety, although it was doubtless within the competence of the Oireachtas to regulate their exercise in the interests of the common good. In addition and even in the absence of any statutory machinery, it is the duty of the organs of the State, including the courts to ensure, as best they may, that these rights are protected from unjust attack and, in the case of injustice done, vindicated.’”
The judge then pointed out that the Internet is not a special case where the law does not apply. The Internet has not changed fundamental values and rules. As the judge pointed out: “There is nothing in the criminal or civil law which legalises that which is otherwise illegal simply because the transaction takes place over the internet. Child pornography, for instance, remains child pornography whether sent by post or digitally transmitted.”
Further, the judge observed that although the Internet has many postive attributes it also has a dark side. This includes illegal online file sharing which is subject to the law notwithstanding the free culture attitude of entitlement among online file sharers:
“When the internet gained wide currency in the 1990s many of its adages began to believe that a new form of reality had been created. Some felt that it should be subject to no rules since, as it was not based in a particular country, but as its name implies is a world-wide web of communication, unlike the previous means of communication through the post, by telephone, through television or through films, it seemed to be impossible to subject to local regulation. That is not so. Nor should it be. In common with other aspects of life, the internet has a positive and dark side. On the positive side, its aids free communication; it opens up avenues of knowledge so that it has become a centre of learning in itself; it furthers public debate; and has established the swiftest and most far reaching form of communication that humanity has known. It is, on the other hand, also thickly populated by fraudsters, pornographers of the worst kind and cranks.
The internet is only a means of communication. It has not rewritten the legal rules of each nation through which it passes. It is not an amorphous extraterrestrial body with an entitlement to norms that run counter to the fundamental principles of human rights. Since the early days of the internet, and increasingly as time has gone on, copyright material has been placed on world wide web by those with no entitlement to share it. There, it is downloaded by those who would normally have expected to pay for it. Among younger people, so much has the habit grown up of downloading copyright material from the internet that a claim of entitlement seems to have arisen to have what is not theirs for free.”
On the specific issue of whether the graduated response protocol was justified, the judge recognized that disconnection of an internet account was a serious sanction. He noted that “Some would argue that it is an imposition on human freedom.” He rejected this assertion pointing out that “There is no freedom, however, to break the law.” Then, after adverting to the right to obtain protection for “one’s own original creative endeavour” “as a human right” under the Irish Constitution, he held that the graduated response protocol was fully justified to vindicate this important human right. According the the court:
“The courts under the Constitution are obliged to supply, even in the absence of legislative intervention, appropriate remedies for the undermining of rights within the scheme of fundamental law that the Constitution represents. As has often been said, the powers of the courts in that regard are as ample as the Constitution requires. I am therefore obliged by Constitutional imperative to protect, as best I can, the rights of copyright owners from unjust attack or, where that sort of attack has taken place, to vindicate their rights through an appropriate order. There is ample expression of statutory remedies in the laws passed by the Oireachtas under the Constitution. Section 37 of the Copyright and Related Rights Act 2000 provides that the owner of the copyright in work has the exclusive right to undertake or authorise others to make that work available to the public. This legal entitlement is being flagrantly violated by peer-to-peer illegal downloading. I can see no other way of looking at the problem. More than one of the conditions in s.2A of the Data Protection Act, 1988 as amended is met as to both the legitimate interests of Eircom, as a responsible company, and that of the community in general. The most important of those interests is that of abiding by the law. It is completely within the legitimate standing of Eircom to act, and to be seen to act, as a body which upholds the law and the Constitution. That is what the court expects of both individuals and companies. That expectation is derived from the rights protected under the Constitution and the general pact which the people of Ireland mutually made in founding a legal system, as the Preamble to the Constitution clearly declares, that is dedicated to attaining true social order. The insertion of express conditions by Eircom in the user – internet service provider contract, as quoted above, against the use of the internet as a facility for transmitting obscene images and against the infringing the copyright of others is a step taken in pursuance of a corporate policy that is no less than lawful and proper. It is abundantly clear that the data subject has given his or her consent, in return for obtaining internet access. Under contract, if any of these conditions be breached, then their access can be terminated. It may be that internet access is available elsewhere from other internet service providers on lesser conditions. If that is so it is hard to see, however, how conditions of a contract can validly avoid the law. These, however, are the conditions that apply here. A contract for service, involving termination for breach as a consequence on the operation of a condition is present by consent. That is not all. Furthermore, such processing, involving sifting the data from the plaintiffs, warning Eircom customers and, ultimately, cutting them off, is necessary for both the performance of a contract and for compliance with a legal obligation cast upon the courts, among other organs of the State, to defend the Constitution and the laws of our society. No one in the community can escape the law, as to the obligations that it imposes or the rights that it declares. The means of infringement, or the ideology that may grow around a medium of infringement, are not germane. Otherwise, the law lacks legitimacy.
Even if only s. 2(a)(1)(b) of the Data Protection Act was operative, it is legitimate for Eircom to have a corporate policy whereby the facilities that it hires out to the people of Ireland are used for lawful purposes only. Having that policy, they are entitled to pursue it by means of conditions in contract that incorporate an enforcement modality. The protocol is merely a more complex means to that end. I find it impossible to imagine that such interference is unwarranted because there is some fundamental right or freedom or legitimate interest in the data subject whereby, in contrast to those who engage in other forms of unlawful copyright theft which may leave them more readily subject to the law, the internet is used for the violation. There cannot be a right to infringe the constitutional rights of others, absent some argument as to a genuine and compelling competing right. In some instances, the purpose for which a right is asserted undermines its character as a right. There could not be, for instance, a constitutional right to privacy that extended to the organisation of a violent crime over the internet or by telephone. There is nothing disproportionate, and it is therefore not unwarranted, about cutting off internet access because of three infringements of copyright. The exceptions in the protocol, to which I have already referred in detail, provide for upholding relevant rights to medical care, to livelihood and to business use in appropriate circumstances. The protocol, at the relevant stage, is not inhumane or arbitrary. Rather, there is a right to make representations and these will, I am assured and I believe, be listened to if sensible and credible.”
The decison will now permit Eircom to implement the graduated response protocol worked out with rights holders. Ireland will now join France, UK, New Zealand, South Korea and other countries who have enacted or are in the final processes of enacting graduated response systems to help stem illegal online file sharing and to promote legitimate markets for the sale of creative products and services.
One thought on “Is graduated response necessary to protect human rights from online copyright infringement?”
Justice Charleton finds “that remuneration to rights holders is “shrinking by reason copyright theft over the internet”. Do we know what evidence the plaintiffs supplied to support this assertion?
I’ve seen a lot of figures thrown around in US-based cases but not much for Ireland, what are the sources and figures here?